CVE-2012-3580 - Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web app

CVE-2012-3580

Summary

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.

References

Vulnerable Configurations

cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*

CVSS

Base:	7.7 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bid	55141
confirm	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
xf	symantec-gateway-interface-sec-bypass(78032)

Last major update

29-08-2017 - 01:31

Published

29-08-2012 - 10:56

Last modified

29-08-2017 - 01:31